Abstract : Among other threats, secure components are
subjected to physical attacks whose aim is to recover
the secret information they store. Most of the work carried out to protect these components generally consists
in developing protections (or countermeasures) taken
one by one. But this “countermeasure-centered” approach drastically decreases the performance of the chip
in terms of power, speed and availability. In order to
overcome this limitation, we propose a complementary
approach: smart dynamic management of the whole set
of countermeasures embedded in the component. Three
main specifications for such management are required
in a real world application (for example, a conditional
access system for Pay-TV): it has to provide capabilities for the chip to distinguish between attacks and normal use cases (without the help of a human being and
in a robust but versatile way); it also has to be based
on mechanisms which dynamically find a trade-off between security and performance; all these mecanisms
have to be formalized in a way that is clearly understandable by the designer. In this article, a prototype implementing such a security management system is
described. The solution is based on a double-processor
architecture: one processor embeds a representative set
of countermeasures (and mechanisms to define their parameters) and executes the application code. The second processor, on the same chip, applies a given security
strategy, but without requesting sensitive data from the
first processor. The chosen strategy is based on fuzzy
logic reasoning to enable the designer to describe, using a fairly simple formalism, both the attack paths and
the normal use cases. A proof of concept has been proposed for the smart card part of a conditional access
for Pay-TV, but it could be easily fine-tuned for other
applications.